I've raised https://issues.apache.org/jira/browse/INFRA-24201 for Beam and see also Airflow's ticket https://issues.apache.org/jira/browse/INFRA-24200.
On Mon, Feb 13, 2023 at 11:49 AM Daniel Gruno <humbed...@apache.org> wrote: > To Project PMCs: > > GitHub for Apache projects is currently set to allow a non-committer > contributor to use GitHub Actions if a previous pull request by that > person has been approved. > > This has raised some security concerns, and could cause issues with > overall use and availability of GitHub Actions. > > The Infrastructure Team proposes to change the default to “always > require approval for external contributors”. We intend to make this > change on Sunday the 19th of March, 2023. > > This change will apply to all GitHub repositories that do not already > have a specific GitHub Actions policy set. > > Projects that have a strong desire to use the “only need approval first > time” option should communicate that, explaining their reasons, in a > Jira ticket for Infra. Please be as specific as you can in which > repositories you wish to have this option set for, should you choose to. > > With regards, > Daniel, on behalf of the ASF Infrastructure Team. >
